<html><head></head><body bgcolor="#FFFFFF"><div>I've heard of proof of concept demos for hijacking streams. Basically, the attacker on WiFi responds to the TCP SYN request faster than the web site itself. The example I saw showed people whose HTTP image requests all returned goatse.&nbsp;<br><br>https checks the certificate of the remote site. You could do this for https but the certificate wouldn't match.&nbsp;</div><div><br>Thanks,<div><br></div><div>gopi@iPhone</div><div><br></div></div><div><br>On Feb 16, 2012, at 10:59, Jeffrey Carl Faden &lt;<a href="mailto:jeffreyatw@gmail.com">jeffreyatw@gmail.com</a>&gt; wrote:<br><br></div><div><span></span></div><blockquote type="cite"><div>Are you suggesting that an outgoing HTTP GET request can be hijacked and the information that's returned could be script other than jQuery? I'd be interested in understanding more how that works, and how requesting resources over HTTPS prevents that.<div>